The focus of the NSA's enhancements is on mandatory access controls, and the foundation for these is built into the kernel's major subsystems. The hope is that when the controls are properly applied, attackers can no longer expect to be able . . .
The focus of the NSA's enhancements is on mandatory access controls, and the foundation for these is built into the kernel's major subsystems. The hope is that when the controls are properly applied, attackers can no longer expect to be able to subvert application-based security mechanisms, and victims can be assured that the damage caused by flawed or malicious applications can be contained. This can even be applied to processes running as "superuser," which ordinarily would have unlimited access to the system.

The two security policy abstractions that the NSA's enhancements currently embrace are type enforcement and role-based access. Under type enforcement, each system process is associated with a domain, and each object is assigned a type. The system configuration files determine how domains interact with each other and with object types. You can define how program types can access process domains, how transitions from one domain to another take place, and when they're allowed. With role-based access, each process has an associated role. This helps segregate ordinary processes from privileged ones. Again, the system configuration determines how roles access domains and transition from one security domain to another.